1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
# == class: swift::proxy::tempauth
# This class manages tempauth middleware
#
# [*reseller_prefix*]
# The naming scope for the auth service. Swift storage accounts and
# auth tokens will begin with this prefix.
# Optional. Defaults to 'undef'
# Example: 'AUTH'.
#
# [*auth_prefix*]
# The HTTP request path prefix for the auth service. Swift itself
# reserves anything beginning with the letter v.
# Optional. Defaults to 'undef'
# Example: '/auth/'
#
# [*token_life*]
# The number of seconds a token is valid.
# Optional. Integer value. Defaults to 'undef'.
# Example: 81600
#
# [*allow_overrides*]
# Allows middleware higher in the WSGI pipeline to override auth
# processing
# Optional. Boolean. Defaults to 'undef'
# Example: true
#
# [*storage_url_scheme*]
# Scheme to return with storage urls: http, https, or default
# Optional. Possible values: http, https or default. Defaults to 'undef'
#
# [*account_user_list*]
# List all the accounts/users you want in an array of hash format.
# 'user' and 'account' should not include '_' (TODO).
# Defaults to:
# account_user_list => [
# {
# 'user' => 'admin',
# 'account' => 'admin',
# 'key' => 'admin',
# 'groups' => [ 'admin', 'reseller_admin' ],
# }
# ]
#
# Example of two account/user:
# account_user_list => [
# {
# 'user' => 'admin',
# 'account' => 'admin',
# 'key' => 'admin',
# 'groups' => [ 'admin', 'reseller_admin' ],
# },
# {
# 'user' => 'foo',
# 'account' => 'bar',
# 'key' => 'pass',
# 'groups' => [],
# },
# ]
#
# it will generate these lines
# user_admin_admin = admin .admin .reseller_admin
# user_bar_foo = pass
#
# == Authors
#
# Guilherme Maluf Balzana <guimalufb@gmail.com>
#
class swift::proxy::tempauth (
$account_user_list = [
{
'user' => 'admin',
'account' => 'admin',
'key' => 'admin',
'groups' => [ 'admin', 'reseller_admin' ],
},
],
$reseller_prefix = undef,
$auth_prefix = undef,
$token_life = undef,
$allow_overrides = undef,
$storage_url_scheme = undef,
) {
include swift::deps
validate_legacy(Array, 'validate_array', $account_user_list)
if ($reseller_prefix) {
validate_legacy(String, 'validate_string', $reseller_prefix)
$reseller_prefix_upcase = upcase($reseller_prefix)
}
if ($token_life) {
validate_legacy(Integer, 'validate_integer', $token_life)
}
if ($auth_prefix) {
validate_legacy(Pattern[/\/(.*)+\//], 'validate_re', $auth_prefix, ['\/(.*)+\/'])
}
if ($allow_overrides) {
validate_legacy(Boolean, 'validate_bool', $allow_overrides)
}
if ($storage_url_scheme) {
validate_legacy(Enum['http', 'https', 'default'], 'validate_re',
$storage_url_scheme, [['http', 'https', 'default']])
}
swift_proxy_config {
'filter:tempauth/use': value => 'egg:swift#tempauth';
'filter:tempauth/reseller_prefix': value => $reseller_prefix_upcase;
'filter:tempauth/token_life': value => $token_life;
'filter:tempauth/auth_prefix': value => $auth_prefix;
'filter:tempauth/storage_url_scheme': value => $storage_url_scheme;
}
# tempauth account_users end up in the following format
# user_<account>_<user> = <key> .<group1> .<groupx>
# ex: user_admin_admin=admin .admin .reseller_admin
# account_data is an array with each element containing a single account string:
# ex [user_<account>_<user>, <key> .<group1> .<groupx>]
if $account_user_list {
$account_data = split(inline_template(
"<% @account_user_list.each do |user| %>\
user_<%= user['account'] %>_<%= user['user'] %>,\
<%= user['key'] %> <%= user['groups'].map { |g| '.' + g }.join(' ') %> ; <% end %>"),';')
# write each temauth account line to file
# TODO replace/simplify with iterators once all supported puppet versions support them.
swift::proxy::tempauth_account { $account_data: }
}
}
|
